A new use has shown up named "verify-sig".  It seems simple enough from
its euse description but its causing a large number of packages to be
rebuilt unnecessarily (it defaults to off on my sytems).  Should I
enable it? - I can find much info on it and it looks like it will cause
major user hassles considering its effects so far - I am surprised there
has been no news item for it which probably means its not considered a
useful use flag.

BillK

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks.

BillK


On 9/4/22 15:32, Ionen Wolkens wrote:

On Sat, Apr 09, 2022 at 02:50:30PM +0800, William Kenworthy wrote:

A new use has shown up named "verify-sig".  It seems simple enough from
its euse description but its causing a large number of packages to be
rebuilt unnecessarily (it defaults to off on my sytems).  Should I
enable it? - I can find much info on it and it looks like it will cause
major user hassles considering its effects so far - I am surprised there
has been no news item for it which probably means its not considered a
useful use flag.

Use --changed-use/-U rather than --newuse/-N when using emerge.

With --changed-use, if USE is changing from to:
enabled -> removed = rebuilds
disabled -> removed = ignores (changes nothing, no rebuild needed)
missing -> disabled = ignores (likewise, this is the verify-sig)
missing -> enabled = rebuilds

While --newuse rebuilds in all 4 cases.

There's largely no reason to enable verify-sig as you're already
verifying through the Manifest. This is primarily intended for
developers, albeit for users it can give some assurance that
signatures were checked.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Apr 09, 2022 at 02:50:30PM +0800, William Kenworthy wrote:

A new use has shown up named "verify-sig".  It seems simple enough from
its euse description but its causing a large number of packages to be rebuilt unnecessarily (it defaults to off on my sytems).  Should I
enable it? - I can find much info on it and it looks like it will cause major user hassles considering its effects so far - I am surprised there
has been no news item for it which probably means its not considered a useful use flag.

Use --changed-use/-U rather than --newuse/-N when using emerge.

With --changed-use, if USE is changing from to:
enabled -> removed = rebuilds
disabled -> removed = ignores (changes nothing, no rebuild needed)
missing -> disabled = ignores (likewise, this is the verify-sig)
missing -> enabled = rebuilds

While --newuse rebuilds in all 4 cases.

There's largely no reason to enable verify-sig as you're already
verifying through the Manifest. This is primarily intended for
developers, albeit for users it can give some assurance that
signatures were checked.

--
ionen

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEx3SLh1HBoPy/yLVYskQGsLCsQzQFAmJRNoQACgkQskQGsLCs QzRMMAf7BuQS73GOryrtNoN90JCKpP8no4PGzTUF9BgxA1CWnfwqffDnUbWLotIu unF7mBVNbKvLlo2lF9cu+scvQe2utlHaNZ9Pa04iVg3QGo3gpfsnew3dJW2tO0aG Hyn9t3QueksRKR2qpBz5KU9t2AKBFQxKj+/UoKDVlQ6IwxJ2XkD32H77B8LaYrfy lT3hOqWou3uTdsGZaEkszZdRw72S2mc9/hqMaVnfHWos4odET/bZ8rfpknyI/AJj pw+AdpQ3LSXUgWNQYJ7Plx9sg6CSYBEnXYirnLh8IdlBMUnn49OPxnhfYT2+0vQ3 3AjJooySOvYDbSWf9nA+c1w+zdwk3w==
=4Y0F
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)